{"ok":true,"c":"## Dovecot configuration file\n\n# NOTICE FOR CPANEL SYSTEMS\n# On cPanel servers this file is generated by combining a\n# template at \/var\/cpanel\/templates\/dovecot\/main.default\n# and a datastore at \/var\/cpanel\/conf\/dovecot\/main\n#\n# The template may be customized by making a copy of it at\n# \/var\/cpanel\/templates\/dovecot\/main.local\n# similar to the way in which httpd.conf can be customized\n#\n# Direct edits of the rendered dovecot.conf file will not\n# be preserved when dovecot is updated. Use the\n# \"Mailserver Configuration\" interface in WebHostManager instead.\n\n# See https:\/\/doc.dovecot.org for config explanations and examples.\n# We have removed most commentary from this file if a setting is unused\n# for brevity's sake.\n\n##\n## GLOBAL settings\n##\n\n# NOTE: if dovecot_config_version does not equal the dovecot version,\n# pigeonhole won't work and cause dovecot to fail to start.\n# As far as I can tell, dovecot_storage_version does nothing, as you can\n# specify 2.3 or 2.4 and it acts exactly the same way. Basically pointless.\ndovecot_config_version =2.4.2 \ndovecot_storage_version = 2.4.2 \n\n# Protocols we want to be serving: imap pop3 sieve\n# If you only want to use dovecot-auth, you can set this to \"none\".\nprotocols = lmtp imap pop3 sieve\n\nverbose_proctitle = no\n\n##\n## Includes\n##\n\n# SSL & SNI hosts\n!include_try \/etc\/dovecot\/ssl.conf\n!include_try \/etc\/dovecot\/sni.conf\n\n##\n## Login processes\n##\n\n##\n## Mailbox locations and namespaces\n##\nnamespace inbox {\n type = private\n\n # Hierarchy separator to use. You should use the same separator for all\n # namespaces or some clients get confused. '\/' is usually a good one.\n # The default however depends on the underlying mail storage format.\n separator = .\n\n # Prefix required to access this namespace. This needs to be different for\n # all namespaces. 
For example \"Public\/\".\n prefix = INBOX.\n\n # There can be only one INBOX, and this setting defines which namespace\n # has it.\n inbox = yes\n\n mailbox Drafts {\n special_use = \\Drafts\n auto = subscribe\n }\n\n mailbox spam {\n special_use = \\Junk\n auto = subscribe\n }\n\n mailbox Trash {\n special_use = \\Trash\n auto = subscribe\n quota_ignore = yes\n }\n\n mailbox Sent {\n special_use = \\Sent\n auto = subscribe\n }\n\n mailbox \"Sent Messages\" {\n special_use = \\Sent\n auto = no\n }\n\n mailbox Archive {\n special_use = \\Archive\n auto = create\n }\n\n mailbox \"Archives\" {\n special_use = \\Archive\n auto = no\n }\n}\n\n##\n## Mail processes\n##\n\n# Valid UID range for users, defaults to 500 and above. This is mostly\n# to make sure that users can't log in as daemons or other system users.\n# Note that denying root logins is hardcoded to dovecot binary and can't\n# be done even if first_valid_uid is set to 0.\nfirst_valid_uid = 201\n\n# List of plugins that *specifically need to be initialized* in the global scope.\n# Plugins specific to IMAP, LDA, etc. 
*replace* this list in their own\n# configuration scopes on Dovecot 2.4.\nmail_plugins {\n mail_compress = yes\n quota = yes\n quota_clone = yes\n}\n\n# Set various plugin related settings we want globally after.\n# Global quota configuration for Dovecot 2.4\n# This stuff used to be over in Cpanel\/MailAuth\/Dovecot.pm, but you can't do\n# that anymore per user on dovecot 2.4 other than overriding things like\n# quota_driver.\nquota Mailbox {\n}\n\nquota \"cPanel Account\" {\n driver = fs\n}\n\n# Dovecot 2.4.2: quota_clone dict path uses %{userdb:X} format for variable expansion\n# Note: Changed from ${userdb:X} to %{userdb:X} syntax for Dovecot 2.4.2 compatibility\n# The userdb response can still override this with quota_clone_dict_file_path if needed\nquota_clone {\n dict file {\n path = %{userdb:mail_path}\/dovecot-quota\n }\n}\n\n# You can execute a given command when user exceeds a specified quota limit.\n# Each quota root has separate limits. Only the command for the first\n# exceeded limit is executed, so put the highest limit first.\n# Note that % needs to be escaped as %%, otherwise \"% \" expands to empty.\n# quota_warning = storage=95%% \/usr\/local\/bin\/quota-warning.sh 95\n# quota_warning2 = storage=80%% \/usr\/local\/bin\/quota-warning.sh 80\nquota_exceeded_message = \"Mailbox is full \/ Blocks limit exceeded \/ Inode limit exceeded\"\n\n# ACL plugin. vfile backend reads ACLs from \"dovecot-acl\" file from maildir\n# directory. You can also optionally give a global ACL directory path where\n# ACLs are applied to all users' mailboxes. The global ACL directory contains\n# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter\n# specifies how many seconds to wait between stat()ing dovecot-acl file\n# to see if it changed.\nacl_driver = vfile\n\n##\n## Mailbox handling optimizations\n##\n\n# Mailbox list indexes can be used to optimize IMAP STATUS commands. 
They are\n# also required for IMAP NOTIFY extension to be enabled.\nmailbox_list_index = yes\n\n# When IDLE command is running, mailbox is checked once in a while to see if\n# there are any new mails or other changes. This setting defines the minimum\n# time to wait between those checks. Dovecot can also use inotify and\n# kqueue to find out immediately when changes occur.\nmailbox_idle_check_interval = 30 secs\n\n# Max number of mails to keep open and prefetch to memory. This only works with\n# some mailbox formats and\/or operating systems.\nmail_prefetch_count = 20\n\nprotocol !indexer-worker {\n}\n\n##\n## Maildir-specific settings\n##\n\n# When copying a message, do it with hard links whenever possible. This makes\n# the performance much better, and it's unlikely to have any side effects.\nmaildir_copy_with_hardlinks = yes\n\n# Assume Dovecot is the only MUA accessing Maildir: Scan cur\/ directory only\n# when its mtime changes unexpectedly or when we can't find the mail otherwise.\nmaildir_very_dirty_syncs = yes\n\n# If enabled, Dovecot doesn't use the S= in the Maildir filenames for\n# getting the mail's physical size, except when recalculating Maildir++ quota.\n# This can be useful in systems where a lot of the Maildir filenames have a\n# broken size. The performance hit for enabling this is very small.\nmaildir_broken_filename_sizes = yes\n\n# Disable the maildir breaking default behavior of\n# mail_attachment_detection_options, as setting ANY flag forces you out of new\/\n# and into cur\/\nmail_attachment_detection_options =\n\n##\n## mdbox-specific settings\n##\n\n# Maximum dbox file size until it's rotated.\nmdbox_rotate_size = 10M\n\n# Maximum dbox file age until it's rotated. Typically in days. Day begins\n# from midnight, so 1d = today, 2d = yesterday, etc. 
0 = check disabled.\n# Defined but not truthy, thus 0.\nmdbox_rotate_interval = 0\n\n##\n## IMAP specific settings\n##\n\nprotocol imap {\n # If nothing happens for this long while client is IDLEing, move the connection\n # to imap-hibernate process and close the old imap process. This saves memory,\n # because connections use very little memory in imap-hibernate process. The\n # downside is that recreating the imap process back uses some resources.\n imap_hibernate_timeout = 30s\n\n # Maximum number of IMAP connections allowed for a user from each IP address.\n # NOTE: The username is compared case-sensitively.\n mail_max_userip_connections = 20\n\n # Sadly, defining mail_plugins *overwrites* the global setting in this scope.\n # It is not an \"append only\" operation. Thus if you want anything other than\n # the globals, you need to specify what globals you want as well, making the\n # global set seem somewhat wasteful but for the fact that not doing this\n # usually leads to a broken config, as some plugins need to be *initialized*\n # in the global scope first to work properly.\n mail_plugins = acl quota imap_quota mail_compress virtual\n\n # IMAP logout format string:\n # %{input} - total number of bytes read from client\n # %{output} - total number of bytes sent to client\n # %{fetch_hdr_count} - Number of mails with mail header data sent to client\n # %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client\n # %{fetch_body_count} - Number of mails with mail body data sent to client\n # %{fetch_body_bytes} - Number of bytes with mail body data sent to client\n # %{deleted} - Number of mails where client added \\Deleted flag\n # %{expunged} - Number of mails that client expunged, which does not\n # include automatically expunged mails\n # %{autoexpunged} - Number of mails that were automatically expunged after\n # client disconnected\n # %{trashed} - Number of mails that client copied\/moved to the\n # special_use=\\Trash mailbox.\n # 
%{appended} - Number of mails saved during the session\n imap_logout_format = in=%{input}, out=%{output}, bytes=%{input}\/%{output}\n\n # How many seconds to wait between \"OK Still here\" notifications when\n # client is IDLEing.\n imap_idle_notify_interval = 24 min\n\n namespace spam {\n prefix = spam\n separator = .\n mail_driver = virtual\n mail_path = ~\/mail\/virtual\/%{user}\/spam\n mail_cache_path = ~\/mail\/virtual\/%{user}\/spam\n list = no\n hidden = yes\n }\n\n namespace sent {\n prefix = sent\n separator = .\n mail_driver = virtual\n mail_path = ~\/mail\/virtual\/%{user}\/sent\n mail_cache_path = ~\/mail\/virtual\/%{user}\/sent\n list = no\n hidden = yes\n }\n\n}\n\n##\n## POP3 specific settings\n##\n\nprotocol pop3 {\n # cPanel used to set this in config to UID%v-%u, but the UI never exposed\n # this to users to change it. As such, on dovecot 2.4 we just hardcode it\n # to the 2.4 version of what our default used to be, as it isn't actually\n # configurable in a meaningful way to users apart from custom templates\n # anyways. See https:\/\/doc.dovecot.org\/2.4.1\/core\/config\/pop3.html#uidl-format\n # for the latest var names for this if you do intend to customize it.\n pop3_uidl_format = UID%{uid}-%{uidvalidity}\n\n # POP3 logout format string:\n # %{input} - total number of bytes read from client\n # %{output} - total number of bytes sent to client\n # %{top_count} - number of TOP commands\n # %{top_bytes} - number of bytes sent to client as a result of TOP command\n # %{retr_count} - number of RETR commands\n # %{retr_bytes} - number of bytes sent to client as a result of RETR command\n # %{deleted_count} - number of deleted messages\n # %{deleted_bytes} - number of bytes in deleted messages\n # %{message_count} - number of messages (before deletion)\n # %{message_bytes} - mailbox size in bytes (before deletion)\n # %{uidl_change} - old\/new UIDL hash. 
may help finding out if UIDLs changed unexpectedly\n pop3_logout_format = top=%{top_count}\/%{top_bytes}, retr=%{retr_count}\/%{retr_bytes}, del=%{deleted_count}\/%{deleted_bytes}, size=%{message_bytes}, bytes=%{input}\/%{output}\n\n # Maximum number of POP3 connections allowed for a user from each IP address.\n # NOTE: The username is compared case-sensitively.\n mail_max_userip_connections = 3\n\n mail_plugins = quota virtual mail_compress\n\n namespace spam {\n prefix = spam\n separator = .\n # NOTE: The mail_path generally gets overridden in the userdb\/passdb return.\n # The values set for this are basically placeholders under our setup.\n mail_driver = virtual\n mail_path = ~\/mail\/virtual\/%{user}\/spam\n mail_cache_path = ~\/mail\/virtual\/%{user}\/spam\n list = no\n hidden = yes\n }\n\n namespace sent {\n prefix = sent\n separator = .\n mail_driver = virtual\n mail_path = ~\/mail\/virtual\/%{user}\/sent\n mail_cache_path = ~\/mail\/virtual\/%{user}\/sent\n list = no\n hidden = yes\n }\n\n}\n\n##\n## LMTP specific settings\n##\n\nprotocol lmtp {\n quota_full_tempfail = no\n mail_plugins {\n quota = yes\n mail_compress = yes\n sieve = yes\n }\n}\n\nlmtp_save_to_detail_mailbox = yes\nlmtp_user_concurrency_limit = 4\n\nrecipient_delimiter = +\n\n# Verify quota before replying to RCPT TO. This adds a small overhead.\nlmtp_rcpt_check_quota = yes\n\n##\n## LDA specific settings\n##\n\nprotocol lda {\n quota_full_tempfail = no\n mail_plugins {\n quota = yes\n mail_compress = yes\n sieve = yes\n }\n}\n\n# Should saving a mail to a nonexistent mailbox automatically create it?\nlda_mailbox_autocreate = yes\n\n\n##\n## Sieve specific settings\n##\n\nprotocol sieve {\n\n}\n\n##\n## Authentication processes\n##\n\n# Disable LOGIN command and all other plaintext authentications unless\n# SSL\/TLS is used (LOGINDISABLED capability). Note that if the remote IP\n# matches the local IP (ie. 
you're connecting from the same computer), the\n# connection is considered secure and plaintext authentication is allowed.\n# See also ssl=required setting.\n# Note: disable_plaintext_auth replaced by auth_allow_cleartext in Dovecot 2.4.1\nauth_allow_cleartext = yes\n\n# Allow weak authentication schemes such as MD5.\n# When set to \"no\", only secure password hashing will be permitted.\n# See https:\/\/doc.dovecot.org\/main\/core\/config\/auth\/schemes.html\n# for more information.\nauth_allow_weak_schemes = yes\n\n# Auth cache settings\n\n# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that\n# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.\nauth_cache_size = 1M\n\n# Time to live for cached data. After TTL expires the cached record is no\n# longer used, *except* if the main database lookup returns internal failure.\n# We also try to handle password changes automatically: If user's previous\n# authentication was successful, but this one wasn't, the cache isn't used.\n# For now this works only with plaintext authentication.\nauth_cache_ttl = 3600 sec\n\n# TTL for negative hits (user not found, password mismatch).\n# 0 disables caching them completely.\nauth_cache_negative_ttl = 3600 sec\n\n# List of allowed characters in username. If the user-given username contains\n# a character not listed in here, the login automatically fails. This is just\n# an extra check to make sure user can't exploit any potential quote escaping\n# vulnerabilities with SQL\/LDAP databases. 
If you want to allow all characters,\n# set this value to empty.\n#Allow + in usernames\nauth_username_chars = \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~.\/@+%\"\n\n# Space separated list of wanted authentication mechanisms:\n# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey\n# gss-spnego\n# NOTE: See also auth_allow_cleartext setting.\nauth_mechanisms = plain login\n\nauth_policy_server_url = http:\/\/127.0.0.1:579\/dovecot-auth-policy\nhttp_client_request_timeout = 3000s\nauth_policy_hash_mech = sha512\nauth_policy_request_attributes {\n auth_database=mail\n database=mail\n service=dovecot\n username=%{original_user}\n authtoken_hash=$0$0$%{hashed_password}\n local_host=%{real_local_ip}\n local_port=%{real_local_port}\n remote_host=%{real_remote_ip}\n remote_port=%{real_remote_port}\n}\nauth_policy_reject_on_fail = no\nauth_policy_hash_truncate = 64\nauth_policy_hash_nonce = \"dummmy\"\n\n# auth_policy_hash_nonce and auth_policy_server_api_header\n!include_try \/etc\/dovecot\/auth_policy.conf\n\n##\n## Password and user databases\n##\npassdb cpauthd {\n driver = lua\n lua_file = \/usr\/local\/cpanel\/etc\/dovecot\/cpauthd.lua\n lua_settings {\n socket = \/usr\/local\/cpanel\/var\/cpdoveauthd.sock\n }\n result_internalfail = continue\n result_failure = return-fail\n}\nuserdb cpauthd {\n driver = lua\n lua_file = \/usr\/local\/cpanel\/etc\/dovecot\/cpauthd.lua\n lua_settings {\n socket = \/usr\/local\/cpanel\/var\/cpdoveauthd.sock\n }\n}\n\n##\n## Logging verbosity and debugging.\n##\n\n##\n## Log formatting.\n##\n\n##\n## Services\n##\n\nservice config {\n vsz_limit = 2048 M\n}\n\nservice quota-status {\n vsz_limit = 2048 M\n executable = quota-status -p postfix\n unix_listener quota-status {\n path = quota-status\n mode = 0666\n }\n}\n\nservice auth {\n unix_listener auth-client {\n\n # auth-legacy Required for exim on Dovecot 2.4\n type = auth-legacy\n path = auth-client\n mode = 0666\n }\n vsz_limit = 512 
M\n\n}\n\nservice stats {\n vsz_limit = 2048 M\n unix_listener stats-writer {\n mode = 0666\n }\n}\n\nmail_access_groups = dovecot\n\nservice dict {\n vsz_limit = 2048 M\n unix_listener dict {\n mode = 0660\n group = dovecot\n }\n}\n\nservice lmtp {\n# Set max. process size in megabytes. Most of the memory goes to mmap()ing\n# files, so it shouldn't harm much even if this limit is set pretty high.\n vsz_limit = 512 M\n\n #We always want this. Otherwise one connection could block another\n #connection that shares the same process.\n client_limit = 1\n\n process_limit = 500\n\n unix_listener lmtp {\n user = mailnull\n group = mail\n mode = 0660\n }\n}\n\nservice imap-login {\n # Maximum number of connections allowed per each login process. This setting\n # is used only if login_process_per_connection=no. Once the limit is reached,\n # the process notifies master so that it can create a new login process.\n client_limit = 500\n\n # Maximum number of login processes to create. The listening process count\n # usually stays at login_processes_count, but when multiple users start logging\n # in at the same time more extra processes are created. To prevent fork-bombing\n # we check only once in a second if new processes should be created - if all\n # of them are used at the time, we double their amount until the limit set by\n # this setting is reached.\n process_limit = 50\n\n # Number of login processes to keep for listening new connections.\n process_min_avail = 2\n\n # Should each login be processed in its own process (yes), or should one\n # login process be allowed to process multiple connections (no)? Yes is more\n # secure, especially with SSL\/TLS enabled. No is faster since there's no need\n # to create processes all the time.\n service_restart_request_count = unlimited\n\n # Set max. process size in megabytes. 
If you don't use\n # login_process_per_connection you might need to grow this.\n vsz_limit = 128 M\n\n # IP or host address where to listen in for non-SSL connections. Defaults\n # to above if not specified.\n listen = *,::\n\n # IP or host address where to listen in for SSL connections. Defaults\n # to above if not specified.\n listen = *,::\n\n}\n\nservice imap {\n # Maximum number of running mail processes. When this limit is reached,\n # new users aren't allowed to log in.\n process_limit = 512\n\n # Set max. process size in megabytes. Most of the memory goes to mmap()ing\n # files, so it shouldn't harm much even if this limit is set pretty high.\n vsz_limit = 512 M\n\n\n unix_listener imap-master {\n user = dovecot\n }\n extra_groups = dovecot\n\n\n}\n\n\nservice imap-hibernate {\n unix_listener imap-hibernate {\n mode = 0660\n group = dovecot\n }\n vsz_limit = 2048 M\n}\n\n\nservice managesieve-login {\n # Maximum number of connections allowed per each login process. This setting\n # is used only if login_process_per_connection=no. Once the limit is reached,\n # the process notifies master so that it can create a new login process.\n client_limit = 500\n\n # Maximum number of login processes to create. The listening process count\n # usually stays at login_processes_count, but when multiple users start logging\n # in at the same time more extra processes are created. To prevent fork-bombing\n # we check only once in a second if new processes should be created - if all\n # of them are used at the time, we double their amount until the limit set by\n # this setting is reached.\n process_limit = 50\n\n # Number of login processes to keep for listening new connections.\n process_min_avail = 2\n\n # Should each login be processed in its own process (yes), or should one\n # login process be allowed to process multiple connections (no)? Yes is more\n # secure, especially with SSL\/TLS enabled. 
No is faster since there's no need\n # to create processes all the time.\n service_restart_request_count = unlimited\n\n # Set max. process size in megabytes. If you don't use\n # login_process_per_connection you might need to grow this.\n vsz_limit = 128 M\n\n\n listen = *,::\n inet_listener sieve {\n port = 4190\n }\n\n}\n\nservice managesieve {\n # Maximum number of running mail processes. When this limit is reached,\n # new users aren't allowed to log in.\n process_limit = 512\n\n # Set max. process size in megabytes. Most of the memory goes to mmap()ing\n # files, so it shouldn't harm much even if this limit is set pretty high.\n vsz_limit = 512 M\n\n}\n\nservice pop3-login {\n # Maximum number of connections allowed per each login process. This setting\n # is used only if login_process_per_connection=no. Once the limit is reached,\n # the process notifies master so that it can create a new login process.\n client_limit = 500\n\n # Maximum number of login processes to create. The listening process count\n # usually stays at login_processes_count, but when multiple users start logging\n # in at the same time more extra processes are created. To prevent fork-bombing\n # we check only once in a second if new processes should be created - if all\n # of them are used at the time, we double their amount until the limit set by\n # this setting is reached.\n process_limit = 50\n\n # Number of login processes to keep for listening new connections.\n process_min_avail = 2\n\n # Should each login be processed in its own process (yes), or should one\n # login process be allowed to process multiple connections (no)? Yes is more\n # secure, especially with SSL\/TLS enabled. No is faster since there's no need\n # to create processes all the time.\n service_restart_request_count = unlimited\n\n # Set max. process size in megabytes. 
If you don't use\n # login_process_per_connection you might need to grow this.\n vsz_limit = 128 M\n\n # IP or host address where to listen in for non-SSL connections. Defaults\n # to above if not specified.\n listen = *,::\n\n # IP or host address where to listen in for SSL connections. Defaults\n # to above if not specified.\n listen = *,::\n}\n\nservice pop3 {\n # Maximum number of running mail processes. When this limit is reached,\n # new users aren't allowed to log in.\n process_limit = 512\n # Set max. process size in megabytes. Most of the memory goes to mmap()ing\n # files, so it shouldn't harm much even if this limit is set pretty high.\n vsz_limit = 512 M\n}\n\n# Setup doveadm\nservice doveadm {\n unix_listener doveadm-server {\n user = dovecot\n }\n vsz_limit = 2048 M\n}\n\n# Pre-setup for a few new services just to set vsz_limit\nservice indexer {\n vsz_limit = 2048 M\n}\n\nservice indexer-worker {\n vsz_limit = 2048 M\n}\n"}